An implementation of Python written in Java.
+It was found that Jython is vulnerable to arbitrary code execution by + sending a serialized function to the deserializer. +
+Remote execution of arbitrary code by enticing a user to execute + malicious code. +
+There is no known workaround at this time.
+All Jython users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/jython-2.7.0-r2"
+
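Review bot: the impact text ("Remote execution of arbitrary code by enticing a user to execute malicious code") does not match the vector given in the description, which is sending a serialized function to the deserializer. It is also circular, since running malicious code is the outcome rather than the means. Suggest wording the impact from the description, for example "A remote attacker could execute arbitrary code by sending a serialized function to the deserializer."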
+ A Modular Open Source PBX System.
+Multiple vulnerabilities have been discovered in Asterisk. Please review + the referenced CVE identifiers for details. +
+A remote attacker could execute arbitrary code, cause a denial of + service condition, or cause an unauthorized data disclosure by enticing a + user to run malicious code. +
+There is no known workaround at this time.
+All Asterisk users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-13.17.2"
+
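Review bot: the closing clause of the impact text, "by enticing a user to run malicious code", is not supported by anything in the description, which only points at the CVE identifiers, and it reads as carried over from another advisory. Either drop the clause or replace it with the vector the referenced CVEs actually describe. "cause an unauthorized data disclosure" would also read better as "obtain sensitive information".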
+ The X.Org project provides an open source implementation of the X Window + System. +
+Multiple vulnerabilities have been discovered in X.Org Server. Please + review the referenced CVE identifiers for details. +
+A local attacker could cause a global buffer overflow or a Denial of + Service condition. +
+There is no known workaround at this time
+All X.Org Server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.19.4"
+
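Review bot: the workaround line "There is no known workaround at this time" is missing its terminating period, unlike the same sentence in the other advisories in this change. In the impact text, "cause a global buffer overflow" names the bug class rather than the consequence; consider stating what the attacker gains from it, and use one casing for "Denial of Service" across the set.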
+ Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +
+Multiple vulnerabilities have been discovered in Oracle’s Java SE. + Please review the referenced CVE identifiers for details. +
+A remote attacker could cause a Denial of Service condition, modify + arbitrary data, or have numerous other impacts. +
+There is no known workaround at this time.
+All Oracle JDK users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jdk-bin-1.8.0.152-r1"
+
+
+ All Oracle JRE users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jre-bin-1.8.0.152-r1"
+
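Review bot: in both resolution blocks the emerge command is split across two lines with no continuation character, so pasting it as shown runs "emerge --ask --oneshot --verbose" with no package atom and then tries to execute the quoted atom as a separate command. Put the atom on the same line as the options, or end the first line with a backslash, for both the oracle-jdk-bin and oracle-jre-bin commands. Separately, "or have numerous other impacts" tells the reader nothing actionable; name the impact classes or defer to the CVE list.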
+ The Apache HTTP server is one of the most popular web servers on the + Internet. +
+Multiple vulnerabilities have been discovered in Apache. Please review + the referenced CVE identifiers for details. +
+The Optionsbleed vulnerability can leak arbitrary memory from the server + process that may contain secrets. Additionally attackers may cause a + Denial of Service condition, bypass authentication, or cause information + loss. +
+There is no known workaround at this time.
+All Apache users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.27-r1"
+
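Review bot: "information loss" in the impact text is ambiguous next to the preceding sentence about leaking memory; say whether it means disclosure or destruction of data so it is not read as a repeat of the Optionsbleed leak. "Additionally attackers may" also needs a comma after "Additionally".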
+ libxml2 is the XML (eXtended Markup Language) C parser and toolkit + initially developed for the Gnome project. +
+Multiple vulnerabilities have been discovered in libxml2. Please review + the CVE identifiers referenced below for details. +
+A remote attacker, by enticing a user to process a specially crafted XML + document, could remotely execute arbitrary code, conduct XML External + Entity (XXE) attacks, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All libxml2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r3"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+
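Review bot: the description expands XML as "eXtended Markup Language"; the correct expansion is "Extensible Markup Language". In the impact text, "A remote attacker ... could remotely execute arbitrary code" repeats "remote"; "could execute arbitrary code" is enough. The phrase "the CVE identifiers referenced below" differs from "the referenced CVE identifiers" used in the other advisories in this change; pick one form.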